=====================
django.contrib.markup
=====================

.. module:: django.contrib.markup
   :synopsis: A collection of template filters that implement common markup languages.

Django provides template filters that implement the following markup
languages:

* ``textile`` -- implements `Textile`_ -- requires `PyTextile`_
* ``markdown`` -- implements `Markdown`_ -- requires `Python-markdown`_
* ``restructuredtext`` -- implements `reST (reStructured Text)`_
  -- requires `doc-utils`_

In each case, the filter expects formatted markup as a string and
returns a string representing the marked-up text. For example, the
``textile`` filter converts text that is marked up in Textile format
to HTML.

To activate these filters, add ``'django.contrib.markup'`` to your
:setting:`INSTALLED_APPS` setting. Once you've done that, use
``{% load markup %}`` in a template, and you'll have access to these filters.
For more documentation, read the source code in
:file:`django/contrib/markup/templatetags/markup.py`.

.. warning::

    The output of markup filters is marked "safe" and will not be escaped when
    rendered in a template. Always be careful to sanitize your inputs and make
    sure you are not leaving yourself vulnerable to cross-site scripting or
    other types of attacks.

.. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
.. _Markdown: http://en.wikipedia.org/wiki/Markdown
.. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText
.. _PyTextile: http://loopcore.com/python-textile/
.. _Python-markdown: http://pypi.python.org/pypi/Markdown
.. _doc-utils: http://docutils.sf.net/

reStructured Text
-----------------

When using the ``restructuredtext`` markup filter you can define a
:setting:`RESTRUCTUREDTEXT_FILTER_SETTINGS` in your Django settings to
override the default writer settings. See the `restructuredtext writer
settings`_ for details on what these settings are.

.. warning::

    reStructured Text has features that allow raw HTML to be included, and that
    allow arbitrary files to be included. These can lead to XSS vulnerabilities
    and leaking of private information. It is your responsibility to check the
    features of this library and configure it appropriately to avoid this. See
    the `Deploying Docutils Securely
    <http://docutils.sourceforge.net/docs/howto/security.html>`_ documentation.

.. _restructuredtext writer settings: http://docutils.sourceforge.net/docs/user/config.html#html4css1-writer

Markdown
--------

The Python Markdown library supports options named "safe_mode" and
"enable_attributes". Both relate to the security of the output. To enable both
options in tandem, the markdown filter supports the "safe" argument::

    {{ markdown_content_var|markdown:"safe" }}

.. warning::

    Versions of the Python-Markdown library prior to 2.1 do not support the
    optional disabling of attributes and by default they will be included in
    any output from the markdown filter; a warning is issued if this is the
    case.
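For the reStructured Text warning above, the following added example (not Django's or docutils' own code) sets ``RESTRUCTUREDTEXT_FILTER_SETTINGS`` to turn off the two docutils features the warning names, then renders the same constructed input with default and hardened settings. ``render_rest`` and ``demo`` are hypothetical names, and ``render_rest`` is a stand-in that calls docutils with the ``html4css1`` writer rather than going through a template.

```python
import os
import tempfile

try:
    from docutils.core import publish_parts
except ImportError:  # docutils missing: the settings below still apply as-is
    publish_parts = None

# Goes in settings.py. Both keys are docutils settings covered in
# "Deploying Docutils Securely".
RESTRUCTUREDTEXT_FILTER_SETTINGS = {
    "raw_enabled": False,             # reject the "raw" directive and role
    "file_insertion_enabled": False,  # reject "include", raw :file:, csv-table :file:
}


def render_rest(source, overrides):
    """Hypothetical stand-in for the filter: html4css1 writer plus overrides."""
    parts = publish_parts(source=source, writer_name="html4css1",
                          settings_overrides=overrides)
    return parts["fragment"]


def demo():
    """Render constructed untrusted input with default and hardened settings."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("constructed-private-value\n")  # stands in for a private file
    untrusted = (
        ".. raw:: html\n\n"
        "   <script>alert(1)</script>\n\n"
        ".. include:: %s\n" % fh.name
    )
    try:
        default = render_rest(untrusted, {})
        hardened = render_rest(untrusted, RESTRUCTUREDTEXT_FILTER_SETTINGS)
    finally:
        os.unlink(fh.name)
    return default, hardened


if __name__ == "__main__" and publish_parts is not None:
    default, hardened = demo()
    for name, html in (("default", default), ("hardened", hardened)):
        print(name, "raw script:", "<script>" in html,
              "file leaked:", "constructed-private-value" in html)
```

With the hardened settings docutils replaces each disabled directive with a system message and an escaped copy of the directive text, so the markup still renders but the script and the file contents do not reach the page.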